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Abstract 

This paper addresses problems on the robust structural design of complex networks. More precisely, 
we address the problem of deploying the minimum number of dedicated sensors, i.e., those measuring a 
single state variable, that ensure the network to be structurally observable under disruptive scenarios. The 
disruptive scenarios considered are as follows: (i) the malfunction/loss of one arbitrary sensor, and (ii) the 
failure of connection (either unidirectional or bidirectional communication) between a pair of agents. First, 
we show these problems to be NP-hard, which implies that efficient algorithms to determine a solution are 
unlikely to exist. Secondly, we propose an intuitive two step approach: (1) we achieve an arbitrary minimum 
sensor placement ensuring structural observability; (2) we develop a sequential process to find minimum 
number of additional sensors required for robust observability. This step can be solved by recasting it as a 
weighted set covering problem. Although this is known to be an NP-hard problem, feasible approximations 
can be determined in polynomial-time, and used to obtain feasible approximations to the robust structural 
design problems with optimality guarantees. Finally, we discuss how the proposed methodology can be 
extended to the multiple sensor/link failure. 
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1 Introduction 

State observability is an important prerequisite for the operation of complex networks 
with particular emphasis on critical infrastructures such as electric power grid, manufac¬ 
turing plants, and transportation systems, just to name a few. Over the past decade, the 
complexity of these infrastructures has grown, accompanied by the increasing likelihood 
of failures that will disrupt the normal operation of the system. These faults can be the 
result of an external malicious party that aims to disrupt the operation of the system [1], 
[2], [3], or occur due to natural causes, such as malfunction of systems components [4]. 

Consequently, it is of major importance to enforce the resilience of these systems 
by proper deployment of sensors in the network. Hereafter, by exploring the structural 
vulnerabilities of the network, we address the problem of placing the minimum number of 
sensors that not only ensure observability [5], [6], [7], [8], but also ensure such properties 
under disruptive scenarios: 

P s malfunction/loss of one arbitrary sensor; 

Pi failure of connection (either unidirectional or bidirectional) between a pair of 
subsystems (also referred to as agents) in an interconnected dynamical system 
(also referred to as a complex network). 

Note that in this paper, an unidirectional connection is also referred to as a directed 
link, and a bidirectional connection is also referred to as an undirected link. 

The networks considered hereafter are described by a (possibly large) dynamical 
linear time-invariant (LTI) system given by 

x(t) = Ax(t ), x(0) = xo G M n , (1) 

where igK” denotes the state of the system, and A e M nxn is the dynamic matrix. Here¬ 
after, we concentrate our attention in determining the minimum placement of dedicated 
sensors, i.e., each sensor measures a single state variable, such that the observability of 
the system is attainable under the disruptive scenarios P s and Pi. The dedicated sensor 
placement is described by 

y(t)=I n (J)x(t), (2) 
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where t/GR’ denotes the measured outputs of the system, I n {J) corresponds to the qxn 
matrix comprising by all jth rows of the n x n identity matrix I„ with j e J — {ti, ..., T q }, 
where t, is the /th measured state variable. Dedicated sensors are common in different 
complex networks: (i) in the electric power grid the measurements can consist of the 
frequency of a bus or the power consumed by an aggregate load; and (ii) in multi-agent 
networks such sensors may measure the state of an agent. 

Related Work 

First, we notice that due to the duality between controllability and observability in 
LTI systems, the results about the former can be restated in terms of the latter. The 
characterization of the minimum collection of state variables that need to be measured 
to attain observability, also known as minimum observability problem, was studied in [5] 
and [9], where in the former the NP-hardness of the problem was established and latter 
exact solutions could be determined to systems whose dynamics was characterized by 
a simple matrix. Under the additional Grammian-based energy constraint, in [10] the 
authors showed that an important class of metrics had properties that allows efficient 
global optimization for sensor placement, while providing some optimality guarantees 
and when the initial placement ensures observability. Later, in [11] this framework was 
extended to the case where an initial placement was not required, and some additional 
energy constraints were considered. 

Alternatively, because more often than not the parametrization of the system's dy¬ 
namics is not accurately known, a natural direction is to consider structural systems [12], 
These allow to consider only the fixed zero or independent parameter patterns of the 
system plant matrices, and to establish control theoretical properties such as structural 
observability. A system is structurally observable if for almost all parameterizations, 
satisfying a given pattern, the system is observable in the classical sense [12], In [6], 
the structural minimum observability problem was shown to be polynomially solvable, 
and the characterization of all feasible solutions was provided. More recently, in [13] the 
structural minimum observability problem was considered with heterogeneous measur¬ 
ing costs and also shown to be polynomially solvable; in addition, in [7] computational 
methods with lower complexity were provided to the case where the cost was binary. 
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Although, if the minimum structural observability problem is constrained to an initial 
collection of sensors (possibly measuring more than a single state variable) as initially 
studied in [14], then the problem becomes NP-hard [15]. 

Several verification conditions for P s and Pi have been previously proposed in 
the literature. For instance, the robustness with respect to sensor failure was initially 
discussed in [16], and in [17] (and references therein) the problem of recovering structural 
observability by allocating additional sensing capabilities was considered. Subsequently, 
the implications of the later into fault detection schemes was explored in [18]. In ad¬ 
dition, our work also contrasts with those addressing robustness with respect to link 
failure. For instance, in [19], [16] the authors assessed the impact of directed edges 
failure in the structural observability of the system. More specifically, in [19], the authors 
provided graph-theoretic procedures to identify the minimal sets of links which were 
essential for preserving the structural observability. On the other hand, in [16] generic 
conditions were provided for the case where the link failures concerned the interconnec¬ 
tion between subsystems. More recently, in [20], [21], the relationship between robust 
observability and network features such as topological transitivity and degree of the 
network was studied, respectively. For systems with leader-follower type architecture, 
where the dynamic matrix has non-zero diagonal entries, [22] introduced the notions of 
agent and link observability indices to characterize the importance of individual links 
on preserving the observability of the overall network. 

These results provide verification conditions and procedures to determine robustness 
with respect to link failures. In this paper, we extend preliminary results presented 
in [23], where the dynamic matrix was assumed to be irreducible and symmetric, to 
the case of arbitrary dynamic matrices. Notice that it is often the case that the dy¬ 
namic matrix is not symmetric nor irreducible; e.g., power systems [24], directed multi¬ 
agent networks [25], and other large-scale systems [26]. Hence, justifying the extension 
in the current manuscript for more general scenarios where the design for robust¬ 
ness/resilience is essential. In addition, we notice that from a technical perspective 
the methods employed are more elaborate than those in [23], due to the increased 
complexity of the problem. Further, we have also included a discussion on how the 
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proposed methods can be used to tackle the problem when multiple sensor/link failures 
occur simultaneously. Finally, we notice that a natural robust feasible (generally sub- 
optimal) solution consists of taking the union of two minimal and disjoint collections 
of sensors ensuring structural observability, which could be obtained by using the 
algorithms in [13] for determining minimal dedicated sensor configurations achieving 
structural observability under heterogeneous sensor cost constraints: the first collection 
is obtained considering uniform sensor cost, and the second by imposing infinite cost to 
the variables in the first collection. Nevertheless, the solution is not generally optimal, 
and can be loose when sparse networks are considered, as it will become clear in the 
sequel. o 

The main contributions of this paper are as follows: we address the problem of 
placing the minimum number of dedicated sensors that ensure the network to be struc¬ 
turally observable under disruptive scenarios. The two disruptive scenarios considered 
are as follows: (i) the malfunction/loss of one arbitrary sensor, and (ii) the failure of 
link (either directed or undirected) between agents in a complex network. We show that 
both problems are NP-hard, which implies that they are unlikely to be polynomially 
solvable. Therefore, we propose an intuitive two step approach: first, we achieve an 
arbitrary minimum sensor placement configuration ensuring structural observability; 
secondly, we develop a sequential process to obtain the minimum number of additional 
sensors required for robust observability with respect to any failure. This step can be 
solved by recasting it as a weighted set covering problem. Although this is known 
to be an NP-hard problem, feasible approximations can be determined in polynomial¬ 
time that can be used to obtain a feasible approximation to the robust structural design 
problems with optimality guarantees. Nevertheless, we show that the sensor placement 
considered in the first step may influence the size of the optimal result that we achieve in 
the second step. Subsequently, designing the system with respect to an arbitrary number 
of sensor/link failures is at least as computationally difficult. Finally, we also provide 
a discussion how to use the current results to address the multi sensor/link failure 
scenario. 

This paper is organized as follows. The problem statements are presented in Section 
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2. Section 3 introduces concepts of structural systems theory and some known results. 
In Section 4, we present the main results (the proofs are relegated to Appendix). In 
Section 5, an illustrative example is provided. Finally, conclusions and further research 
directions are presented in Section 6. 

2 PROBLEM FORMULATION 

Let A G {0,*} nxn and I n {J) G {0,*}l' 7 l xn be the structural pattern (i.e., location of fixed 
zeros or independent parameters) of the system dynamics in (l)-(2). With some common 
abuse of terminology, we refer to those entries representing independent parameters as 
"non-zero", while bearing in mind that its realization can be any real number, including 
zero. In addition, denote by [A], :j the entry in the i-th row and y-th column of matrix 
A, where [A] h j = 0 if all possible numerical realizations of the physical system have 
a fixed zero, and [A]ij = * otherwise. Let (l)-(2) be described by the pair (A,I n {J)). 
Then, a pair {A. I n (J)) is said to be structurally observable if there exists an observable 
pair (A',I n {J)) with the same structure (i.e., same locations of zeroes and non-zeroes) 
as {A. In fact, if a pair {A. \ n {J)) is structurally observable, then almost all pairs 

with the same structure are observable [27], 

In this paper, we are interested in the robust output design problems P s and Pi, 
which in the sequel will be formally introduced as V s and Vi, respectively. 

V s Robustness with respect to sensor failure: Given A, determine a minimal subset of 
dedicated sensors J* C {1,..., n) such that (A, l n {J*)) is structurally observable with 
respect to any single dedicated sensor failure. 

In the paper, we will mainly focus on the case where the links are considered as 
directed, and extend the results to the case where we have undirected link failures in 
Section 4.2.2. Now, a (directed) link in the dynamic matrix is associated with a non-zero 
entry [A] h j = *, with graphical representation formalized in Section 4.2. Therefore, a 
directed link failure corresponds to changing a non-zero entry [A] i; j in the structural 
dynamic matrix A by a zero entry, while the rest of elements in A remains the same. We 
denote the new structural dynamic matrix after the link failure by A_uj\. 
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Therefore the sensor placement ensuring robustness with respect to a link failure can 
be stated as follows. 

Vi Robustness with respect to link failure: Given A, determine a minimal subset of 
dedicated sensors J* C {1, ...,n}, such that the pair £„(//*)) is structurally 

observable when the failure of an arbitrary direct link [h] 8J occurs. 

Note that when J* is obtained as described above, the pair (A, l n (J*))> the 
nominal system without a link failure, is structurally observable. 

In addition, we explore the scenario where multiple sensor/link failures can occur, 
and discuss how the proposed solution to the above problems can be extended to cope 
with the former scenario. 

3 PRELIMINARIES AND TERMINOLOGY 

A desirable aspect of structural systems is that their properties, such as structural 
observability, can be analyzed by means of graph theoretical tools. 

Let a digraph (i.e., directed graph) be expressed asV= (V, £), in which V denotes a 
set of vertices and S represents a set of edges, such that, an edge (vj, v,) is directed from 
vertex v 3 to vertex v % . In addition, we denote by |V| the number of elements in the set V. 

A path is a digraph V = (V, E) with V = {i>i, • • • , v n } and E = {(i>i, v 2 ), ( v 2 , v 3 ), ■ ■ ■ , 
(r> n _i, v n )}. Further, v\ and v n are referred to as root and tip of the path, respectively, and 
an isolated vertex (with some abuse of notation) is also considered as a (degenerated) 
simple path. A cycle can be defined as a path with an additional edge from its tip to its 
root. 

Given a digraph V = (V,£), V s = (Vs, E s ) is a subgraph of V if Vs C V and £ s C £. 
A digraph D is said to be strongly connected if there exists a path between any pair of 
vertices [28]. A strongly connected component (SCC) is a maximal subgraph V s = (Vs, Es) 
of V, i.e., it contains the largest collection of vertices and edges between these, such 
that for every v,w G Vs there exists a path from v to w. Any digraph V = ( V. £) can 
be uniquely decomposed into disjoint SCCs. Visualizing each SCC as a supernode, one 
can generate a directed acyclic graph (DAG), i.e., a digraph with no cycles, in which each 
supernode corresponds to an SCC and an edge exists between two SCCs if and only if 
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there exists an edge between vertices belonging to the corresponding SCCs. The unique 
DAG associated with V = (V. £) can be efficiently generated in 0{ |V| + \£\) [28], where 
|V| and \£\ denote the number of vertices and edges in V. We can further characterize 
the SCCs in the DAG representation of D as follows: an SCC is a sink-SCC if it has no 
outgoing edges from its vertices to those in another SCC. 

A digraph V = ( V. 8) can be spanned by a disjoint union of paths and cycles. 
Therefore, we introduce the following decomposition of a digraph. 

Definition 1. A path and cycle (P&C) decomposition of a digraph V = (V,£) consists of a 
disjoint union of paths and cycles that span V. In addition, a minimum P&C decomposition is 
a P&C decomposition with the minimum number of paths among possible P&C decompositions 
that span V. □ 

The minimum P&C decomposition is useful in explaining some preliminaries and 
the main results of the paper. Note that the minimum P&C decomposition of a digraph 
is generally not unique, while the total number of paths in all minimum P&C decompo¬ 
sitions is unique. Further, a minimum P&C decomposition of the state digraph can be 
obtained efficiently in 0(\J\X\\£\) [ 6 ]. 

Now, consider the structure associated to the dynamical system plant (1) and (2), 
given by A and I n {J) as discussed in Section 2 . We can associate with each state variable 
a vertex in a digraph, to which we refer to as a state vertex and its collection is given 
by X = {xi,-- - , x n }. In addition, the edges between state vertices are related with 
non-zero entries of the matrix A, that we refer to as state edges, and we denoted by 
£4 = {(xi,Xj) : [A\ji f 0}. Subsequently, we define the state digraph as 'D(A) = (X. Sf, 
used hereafter to study structural observability. 

The proposed solutions in Section 4 consist of recasting V s and Vi as weighted set 
covering problems [29], that may be described as follows: consider a set U, called the 
universal set, and k sets C t c U, with i e I = {1, • • • , k}. Each C, is associated with a cost 
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q G M,} . The goal is to find a collection with J* C X, such that 


J* = are min 

JC.I 


Y, Ck 

k£j 


s.t. Wc [J <£,. 

3&J 


( 3 ) 


If the costs are positive and uniform, then we obtain the well known set covering 
problem. Although, the (weighted) set covering problem is NP-hard, some approximation 
algorithms with polynomial complexity are known. Further, these algorithms are known 
to ensure bounded optimality gap, hence, providing optimality guarantees. 

The collection of state variables {xj}j £ j measured by dedicated sensors indexed by 
J is referred to as a solution in this paper. Next, we introduce the concept of feasible 
solution as follows. 

Definition 2 ([ 6 ]). Let T>(A) — (X = ..., x n }, £$) be the state digraph. A solution 

T = U jej{xj} is a feasible solution if (A,I n (J)) is structurally observable, where the letter T 
refers to feasible. □ 

Now, we revisit a characterization of the feasible solutions. 

Theorem 1 ([ 6 ]). Let T>(A) = (X,S^) denote the state digraph. A set T C X is a feasible 
solution if and only if there exist two subsets T and S° such that T D T UtS°, where T contains 
the tips of the paths in a minimum P&C decomposition, and S° denotes a subset containing at 
least one variable from each sink-SCC that does not contain variables from T; in particular, each 
of the sink-SCCs that does not contain variables from T is spanned by cycles. □ 

In addition, a feasible solution with the minimal number of state variables is said to 
be a minimal feasible solution. Next, we present a characterization of the minimal feasible 
solutions. 

Theorem 2 ([6]). Let V(A) = (A, £ 4 ) denote the state digraph. A set T C X is a minimal 
feasible solution if and only if it satisfies the condition of Theorem 1, and T has the maximum 
number of tips of the paths in as many distinct sink-SCCs among all possible minimum PLC 
decompositions. □ 
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Recall that the minimum P&C decomposition may not be unique, hence, although 
they have the same number of paths, the tips of the paths associated with a minimum 
P&C decomposition change. In particular, they may belong to distinct SCCs of the state 
digraph; in particular, the tips of the paths may or may not be in a sink-SCC. Note that 
a sink-SCC that contains at least one tip of paths will not contribute to the size of any 
feasible solution. Consequently, if the tip of a path belongs to a sink-SCC, we say that 
this state vertex plays a double role since it simultaneously satisfies the two conditions 
in Theorem 1 and 2. In order to determine a minimal feasible solution, i.e., the feasible 
solution with the lowest cardinal among these, we just need to maximize the number 
of state vertices with double role, i.e., that are both tips of the paths and lie in different 
sink-SCCs. 

For example, consider a 10-state system (randomly generated), whose state digraph 
is depicted in Fig. 5-(a). The state digraph consists of four SCCs, as depicted in the 
four rectangles in Fig. 5-(b). Note that the only sink-SCC is {xi , x 2 , £ 4 , x 5 , X 7 , x$, Xi 0 }, and 
is enclosed by the top rectangle. In addition, a minimum P&C decomposition of the 
state digraph is also depicted in the black continuous arrows and vertices in Fig. 5-(b), 
which consists of two paths and one cycle, the tips of the paths associated with the 
given minimum P&C decomposition of the state digraph is T = {a; 8 , a’io}- Flence, from 
Theorem 2, a minimal feasible solution T contains the tips of the paths T associated 
with the minimum P&C decomposition of the state digraph. In addition, the only sink- 
SCC contains elements x 8 and x w in T; hence, T = T = {xs^io} is a minimal feasible 
solution, demonstrated by grey squares in Fig. 5-(b). 

In [ 6 ], it was further shown that a minimal feasible solution can be determined using 
polynomial complexity algorithms in the size of the state space. 

4 MAIN RESULTS 

In this section, we present the main results of the paper, i.e., we address the problems 
formulated in T s and V\. In Section 4.1, we address V s , followed by Vi addressed in 
Section 4.2. Briefly, V s and V\ are first re-casted in terms of feasible solutions (see 
Definition 2) in V' s and V[, respectively. Subsequently, they are shown to be NP-hard 
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in Theorem 3 and Theorem 6 , respectively. Due to the computational hardness of these 
problems, an intuitive two-step approach to V s and V[ is provided, which ultimately 
reduces to a weighted set covering problem. Feasibility properties of a solution to V' s 
using the proposed approach is provided in Theorem 4, and its polynomial-time ap¬ 
proximation in Theorem 5. Similarly, feasibility properties of a solution to V[ is stated in 
Theorem 7, and its polynomial-time approximation in Theorem 8 . Finally, in Section 4.3 
we explain how the proposed solutions can be extended to deal with the multiple 
sensor/link failures scenario. 

4.1 Robustness with respect to sensor failure 

First, we recast V s in terms of feasible solutions as follows. 

V s : Given the state digraph V(A) = (X. £ 4 ), select a minimum subset of state vari¬ 
ables X s C X, such that for all x e X s , X s \ {a:} is a feasible solution. o 

A feasible solution X s with the properties described in V' s is referred to as a sensor- 
robust feasible solution (s-robust feasible solution). In addition, to ease the analysis, when 
referring to X s \ {a:} we say that {a;} is discarded from X s , and the remaining variables 
X s \ {a;} are said to be non-discarded. 

Now, we show the hardness of V' s (or, equivalently, V s ). 

Theorem 3. V' s is NP-hard. □ 

Given the above hardness, we provide an approximation approach to V' s . To de¬ 
termine an s-robust feasible solution, we recall Theorem 2. More precisely, consider a 
state digraph V(A) = (X. £ f) and one associated minimal feasible solution X(E) = 
{a: ri ,--- , x Tp }, where r, e {1, • • • ,n} (for i e {1, • • • ,p}) is the index of each state variable, 
and H explicitly states the minimum P&C decomposition considered (see Theorem 1 
and 2). More specifically, X(X) contains two subsets T(X) and S°(X), where (without 
loss of generality) T(S) = {x Tl , ■ ■ ■ , x Trn } corresponds to the tips of the paths in S, and 
5°(H) = {x Tm+1 , • • • ,x Tp } is the set of state vertices chosen seriatim from each sink-SCC 
without tips from T(E). 
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Now, observe that a discarded state variable can belong to either T(E) or 5°(S). 
Thus, we need to consider new state variables that together with the non-discarded state 
variables from the minimal feasible solution originates an s-robust feasible solution. To 
sharpen the intuition on the two-step algorithm presented hereafter, in Example 1 and 2 
we provide examples of discarded state variables that belong to S°(E) and T(E), and 
explain how to construct an s-robust feasible solution using a minimal feasible solution. 

Example 1. Let V(A ) = (X,£x) consist of a single SCC and have a minimum P&iC decom¬ 
position consisting of only cycles. From Theorem 2, we have that T = {x} with any x e X, is 
a minimal feasible solution. Subsequently, T s = T U {x'}, with x' e X \ {x}, is a (minimal) 
s-robust feasible solution. □ 

We refer to the additional state variables, that together with those in J~ lead to an 
s-robust feasible solution, as alternatives to J~. This leads us to compute alternatives 
for an arbitrary minimal feasible solution, which correspond to the state variables T' , 
such that after any x G T is discarded, (T \ {a:}) U SF' still forms an s-robust feasible 
solution. Further, recall that a minimal feasible solution J-’(S) contains sets T(E) and 
<S°(H); subsequently, let us start by introducing the alternatives for elements in S°, as 
considered in Example 1, and define the set of sink-alternatives Af to a particular state 
vertex x n e <S°(H). 

Definition 3 (Sink-alternatives). Consider a state digraph V(A) = (X,£^) and a minimal 
feasible solution (F(E) = T(S) U «S°(H), where (F(E) = {x T1 ,-- - ,x Tp }, and (without loss of 
generality) T(E) = [x TX , • • • ,x Tm }, and S°(E) = {x T(m+1) , • • * ,x Tp }. Let n (i _ m) denote the 
number of state variables in the same sink-SCC as x Ti (not including x Tj ), where i > m. Then, 

Af. — e (X \ {a: ri }) : x belongs to the same sink-SCC as x Tt j, (4) 

is the set of sink-alternatives to state vertex x Ti e «S°(H). Further, for notational convenience, 
we denote the state variables in Af. as Af = \5f ,.■■■ ,5f „ A. □ 

Similarly, we can now introduce the notion of alternatives for elements in T, which 
we briefly refer to as tip-alternatives, motivated by the following example. 
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(a) (b) 


Fig. 1. An example of a state digraph V(A) with 9 state variables. In (a) and (b) we depict two minimal feasible 
solutions J ~i = {xi,x 5 ,x & } and T 2 = {x 2 ,x 6 ,x 9 } enclosed by squares, respectively. In particular, the two 
minimal feasible solutions lead to s-robust feasible solutions with different sizes based on our approach. 

Example 2. Fig. l-(a) depicts a 9-state system and a minimal feasible solution IF(E) — T(S) U 
<S°(H), where T(E) = {xi,x bl x 8 }, and S°(E) = 0, because the state digraph consists of one 
sink-SCC that contains tips of the paths. Discarding either xi,x 5 or x 8 from H) renders a 
non-feasible solution, i.e., structural observability no longer holds. As discussed in Section 3, the 
minimum P&cC decomposition of the state digraph is not unique. In fact, T'(E') = (T(S) \ {a:})U 
{y}, with x e T(E) and y e {x 2 , x§,xf\, is also the tips of the paths associated with another 
minimum P&cC decomposition E'. Hence, J r (H) U {y}, with y e {x^, x 6 , xf\, is an s-robust 
feasible solution. Furthermore, this s-robust feasible solution is also minimal. □ 

Subsequently, we define the set of tip-alternatives Af to a state variable x Ty e T as 
follows. 

Definition 4 (Tip-alternatives). Consider a state digraph 'D(A) = (A. S f and a minimal 
feasible solution IF( H) = T(S) U S°(E), where J r ( 5) = { x Tl , ••• ,x Tp }, and (without loss of 
generality) T(E) = {x T11 ■ ■ ■ ,x Trn }, and S°( H) = {x T(m+1) , • • • ,x Tp }. Then, for all i < m, 

Af =|a: G (X \ {x Ti }) : (T(5) \ {a: Ti }) U {x} is a set of tips of 

paths associated with a minimum P&.C decomposition ofV(A)^ (5) 

is the set of tip-alternatives to a tip of a path x Ti e T (E). Further, for notational convenience, 
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we denote the state variables in AT as AT = {ST,, • • • ,ST „ ), where //, is the number of 
tip-alternatives to x Ti . □ 

In other words, keeping all state variables in the tips of the paths T fixed except for 
x Ti that is replaced by a state variable in Aj, we obtain the tips of the paths associated 
with another minimum P&C decomposition S'. For example, in Example 2, we have 
Aj = Aj = Aj = {x 2 , x 6 , xq}, i.e., x 2/ xq, and xg are tip-alternatives to either x\, x 5 , or 

x». 

Now, notice that given a minimal feasible solution T = T U5°, replacing a state vari¬ 
able x Ti G S° by a state variable in its sink-alternatives Af., i.e., J~' = T U(S° \ (x Ti } U {m}) 
with x G Af , T' is still a minimal feasible solution. Alternatively, when tip-alternatives 
are considered two situations can occur. For instance, in Example 1 feasibility is retained 
mainly due to the existence of a single SCC. Elowever, replacing a state variable x Ti G T 
by one of its tip-alternatives may not yield a feasible solution in general. More precisely, 
for a tip x Ti G T, whether T x XTi = {T \ {x Ti } U {x}} U S° with x G Aj., which we refer to 
as an interchanged solution, is a feasible solution or not, depends on which SCCs of T>(A) 
the variables x Ti and x belong to. In particular, if in an interchanged solution T x Xr ’ , x Ti 
is the only tip of paths in a sink-SCC, by replacing x Ti by one of its tip-alternatives that 
does not belong to the same SCC, this SCC becomes an SCC without a tip of the paths 
in a minimum P&C decomposition; thus, a new state variable in this SCC needs to be 
considered to satisfy the second requirement in Theorem 2. Elence, we need to replace 
x Ti by two state variables: a tip-alternative x, and a state variable x' (different from x T/ ) 
in the same sink-SCC as x T . 

In summary, we can generalize our previous discussion by considering collection of 
sets that account for the sink- and tip-alternatives for each variable x Ti G J~, which we 
refer to as back-ups and which we denote by In particular, the sets in A'j- can contain 
one state variable, when sink-alternatives are considered, which we denote by {}, or 
tip-alternatives that do not increase the number of sink-SCCs without tips of the paths, 
which we denote by Elowever, when tip-alternatives increase the number of sink- 
SCCs without tip of paths, then wjT contains two state variables: one is a tip-alternative 
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and another is a state variable in the same sink-SCC as the discarded state variable. 
Subsequently, we have the following definition. 


Definition 5 (Set of Back-ups). Consider a state digraph V(A) = (A, £ 4 ) and a minimal 
feasible solution T = T U5°, where T = {x Tl ,--- , x Tp }, and (without loss of generality) 
T = {x Tl , • • • , x Tm }, and S° = {x T(m+1) • • • , x Tp }. Then, the set of back-ups to x Ti , referred to as 
ilf, is given by 

1) for i — 1,..., m, 

VLf = {bl/}je{i,-,M = {ujf (6) 


where p, is the total number of tip-alternatives of x Ti (see Definition 4), equals to 
the total number of state variables that belong to the same sink-SCC as x Ti but not x n , 
= with A l:h k = 0 if the interchanged solution T & f Ti is a feasible 

Ti,j 

solution, and A l%h k = {xi k } otherwise, where x ik f x Ti is the k-th state variable that 
belongs to the same SCC as x Ti ; and 
2 ) for i — m + 1 ,_ ; p. 






(i —m)} 5 


where is the total number of sink-alternatives of x Ti (see Definition 3). 


(7) 

□ 


Therefore, the goal is to find a minimal T' with above properties, i.e., there is no 
other T" with \IF"\ < \T'\ such that T U T" is an s-robust feasible solution. Notice that a 
common back-up may exist for different elements in IF. For example, in Example 1, {rv- 2 } 
is a common back-up for x\, x$ and a: 8 . As a result, minimizing the size of T' is the same 
as maximizing the shared state variables in back-up sets for different elements in T. 
Subsequently, we can find the minimal T' by considering a set covering where the sets 
account for the back-ups for any element in T. To this goal, consider the construction of 
back-ups in (6)-(7). Since ilf in (6)-(7) consist of sets with one or two state variables, to 
avoid cumbersome notation, let Z be a collection of all N — n + (") = " ( " 0 +1) possible 
sets denoted by Z — {Z u • • • , Z n , Z n+1 , • • • , Z N }, where Z % = {xi} (for i — 1, • • • , n), Z t = 
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{x a , xp} \/a,/3 e {1, • • • ,n} (a < (3), and i = n(a— 1, (3— 1) = \(a+!3—2)(a+/3—1)+/3— 1+n 

denotes the Cantor pairing function shifted by n. In summary, 

2 = {{aii}, • • • , {x n }, {xi, x 2 }, ■■■ , {x n -i, x n }}. (8) 

Consequently, from ( 6 )-(7), we can see that any element in fly consists of one element 
in Z, which implies that fly = {Z 3 } ]( zq, with Q C {1,..., N}. With this definition, the 
problem reduces to identifying for each element Z u the subset of state variables of J~ for 
which Zi is a shared back-up. This can be achieved by considering the definition of the 
sets Vj that contain the indices of the state variables in a minimal feasible solution T, 
or equivalently fly, that an element Z 3 is a back-up to. Formally, this can be defined as 
follows: let Z = {Z l7 • • • , Z N } and X = {1, • • • ,p}, then 

1 ) for j = l,--- ,n, 

v; - {/ e 2: z, e fiy}, (9) 

2 ) and for j — n + 1 , • • • , 1 V, 

VH-el: Zi efi>}u \ U vd . ( 10 ) 

^ J 

Therefore, if Z, } consists of two state variables, then Z 3 is not only a back-up of those 
x Ti 's satisfying Z 3 e fly, but also the back-ups of those x Ti 's to which the back-ups 
contain an individual state variable belonging to Z 3 . To sum up, by computing Vf, we 
identify the subset of state variables of T for which Z % eZ is a shared back-up. 

Thus, we can determine an .s-robust feasible solution as follows: 

Lemma 1. Consider a state digraph T>(A) = (X,£^) and one of its minimal feasible solutions 
T = {x Tl ,x T2 , ■ ■ ■ ,x Tp }. Consider the sets in (9)-(10), and let 1 = {1, • • • ,p}. If there exists 
J C {1, • • • ,N} such that 1 c (J - eJ Vf i.e., the family {Vj} 3£ j covers X, then 

J 7 * = U Zj U T, 

j&J 

is an s-robust feasible solution. □ 
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Notice that Lemma 1 only determines the minimum number of back-ups based on 
a particular seed feasible solution T. Furthermore, if some Z 3 with two state variables 
is considered in the covering, there might exist a set Z 3 * that consists of a single state 
variable that could have been used instead to cover X. Thus, the minimum number of 
back-ups does not ensure the minimum number of alternatives to be considered (in 
addition to a minimal feasible solution), which motivates us to introduce a weighed 
version of the problem to account for this scenario. More precisely, given the sets in 
(9)-(10), we assign to each V/ a cost c if given by 

Ci = \Zi\, for i— !,■■■ , N. (11) 

In other words, the weight of Vf for the set covering problem is equal to the number of 
state vertices in Z,. Hence, we obtain the following result: 


Theorem 4. Consider a state digraph V(A) = (X, £ 4 ) and one of its minimal feasible solutions 
T = {x Tl ,x T2 , ■ ■ ■ ,x Tp }. Consider the sets (9)-(ll), and let X = {1, • • • ,p}. If there exists J* 
satisfying: 


J * = arg min V] c k , 

JC{1,-,N} k£j 

subject to X c U V? ’ 

j&j* 


( 12 ) 


i.e., the family {Vf} 3e j* covers X, then 


r = |J Zj u t, 

is an s-robust feasible solution. In addition, there is no other s-robust feasible solution T' with 
T C T' satisfying Lemma 1 such that {T'l < \F* |. □ 


Theorem 4 requires to solve an NP-hard problem - the weighted set covering problem 
[28]. To circumvent that problem, the next result shows how to obtain an approximated 
solution, which can be achieved using polynomial complexity algorithms [30], [31] with 
optimality guarantees. 

Theorem 5. Consider a state digraph V(A) = (X,£fy, an arbitrary minimal feasible solution 
T, the sets (9)-(U), and the weighted set covering problem as described in Theorem 4. Then, 
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the corresponding weighted set covering can he constructed with complexity 0(\X\ 5 ). Further, a 
feasible but approximate solution J' of the corresponding minimum weighted set covering may 
be constructed using an 0(\ ,T| 3 |) complexity algorithm such that 

7' = (J Zi U 7, 

jej' 

is an s-robust feasible solution, and the performance ratio, i.e., the ratio between the size of 
the approximated s-robust feasible solution and the size of the minimal s-robust feasible solution 

p _ 

containing 7 is bounded by the harmonic number H{p) = 4 of p, where p — \7\. □ 

k =1 

Finally, we note that the proposed two-step approach only ensures minimality con¬ 
ditioned on a particular initial minimal feasible solution. In other words, the minimality 
among all possible s-robust feasible solutions depends on the minimal feasible solu¬ 
tion 7 that one starts with. Different minimal feasible solutions may lead to different 
weighted set covering problems, of which the optimal solutions lead to s-robust feasible 
solutions with different sizes. For instance, consider the example in Fig. 1, which depicts 
a 9-state system and two of its minimal feasible solutions depicted by grey squares, 
respectively. On one hand, 7\ leads to alternatives with size one and consequently gen¬ 
erates a minimal s-robust feasible solution. On the other hand. Fig. l-(b) depicts another 
minimal feasible solution 7> = {x 2 , x 6 , x 9 }, and the sets of back-ups for each state vertex 
in 7-2 are VL 1 ^ = {{xi}, {x 5 }}, Qf 2 = {{z 5 },{x 8 }}, and iif 2 = {{m}, {x 8 }}, respectively. 
Hence, by the weighted set covering problem constructed as described in Theorem 4, 
an s-robust feasible solution may be obtained as 7 2 U {x, y}, with x, y e {xi,x 5 , x 8 } and 
x f y, which is not minimal. 

Although our solution does not guarantee a minimal s-robust feasible solution, we 
argue that in practice our set covering based design approach leads to s-robust feasible 
solutions with small number of states variables. For example, consider the system 
depicted in Fig. 1, for which we can obtain two disjoint minimal feasible solutions 
7\ = { x 1 . Xg, x 8 } and 7 2 = {x 2 , x 6 , Xg}. We may then obtain an s-robust feasible solution 
7g — 7\ U 7o consisting of 6 state variables, whereas with the proposed approach 
(Theorem 4), we can obtain an s-robust feasible solution consisting of 4 or 5 state 
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variables. 

4.2 Robustness with respect to link failure 

As mentioned in Section 2, in this section, we will mainly focus on the case where the 
links are considered as directed, and extend the results to the undirected link failure 
case in Section 4.2.2. The links discussed before Section 4.2.2 are considered as directed 
links. Similar to Section 4.1, we recast Vi in terms of feasible solutions. First, we formally 
define links as follows: 

Definition 6 . (Link) Let T>(A) = (A, £ 4 ) be the state digraph. Then C, j = { (x t . xf)} c £4 
represents a link from x, to x r □ 

Subsequently, Vi can be reformulated as follows: 

Vj: Given the state digraph V(A) = (IT. £ 4 ), select a minimum subset of state vari¬ 
ables T l C X, such that T 1 is a feasible solution for the state digraph V(A_( t J) ) = 
(A, S A - C itj ), for all C £4. o 

A feasible solution J~ l with the properties described in V[ is referred to as an link- 
robust feasible solution (l-robust feasible solution). 

Further, for convenience, when one link C hJ fails we say that the state digraph 
D(A_(jj)) is a corrupted state digraph. 

Now, we show the hardness of V[ (or equivalently Vf. 

Theorem 6. V[ is NP-hard. □ 

4.2.1 Directed Link Failures 

Similar to Section 4.1, we now provide a procedure to determine an approximate so¬ 
lution to Vj. Given a state digraph V{A) = (AT £ 4 ), we start with a minimal feasible 
solution T. Notice that under such condition, a link failure may or may not compromise 
structural observability of T>{A). Thus, we need to consider the properties of the links 
that jeopardizes structural observability when they fail. With these properties, we aim to 
identify new state variables that together with those from the starting minimal feasible 
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solution form a /-robust feasible solution. Therefore, we introduce the notion of sensitive 
link with respect to J~. 

Definition 7. Consider a state digraph T>(A) = (X, £ 4 ) and one of its minimal feasible solutions 
T. We say C hJ is a sensitive link with respect to T if and only if T is not a feasible solution of 
the corrupted state digraph □ 

Hereafter, we can identify sensitive links by considering the minimum P&C decom¬ 
position, and the SCCs that compose the corrupted state digraph as stated in 

the next result (that readily follows from Theorem 1). 

Lemma 2. Consider a state digraph T>(A) = (X,£^) and one of its minimal feasible solutions 
T. A link is a sensitive link with respect to a minimal feasible solution T if and only if T 
does not contain the tips of the paths in a minimum PLC decomposition 5 of V(A_^), or T 
does not contain at least one state variable in each sink-SCC ofV(A_^jf. □ 

To sharpen the intuition on sensitive links, consider the following example. 

Example 3. Consider the example in Fig. 2, which depicts a 5-state system. The state digraph 
consists of two SCCs, whose vertices are enclosed by the two dashed rectangles. The only sink- 
SCC contains x lf and x 5 . Fig. 2-(a) depicts one minimal feasible solution T = T U£° = {.x'i, xf\, 
where T = {^ 3 }, S° = {rri}, and after the failure of the link £ 5j1 = or £ 4;2 = 

{(^ 4 ,^ 2 )}/ 2F = {a;i,a; 3 } is not a feasible solution for the corrupted state digraph V(A_^ 5j1 ' ) ) 
or V{A_^ 2 ))> since there does not exist a minimum PkC decomposition of V(A_^ 2 f nor 
£>(24— (5i i)), with the tips of the paths belonging to the sink-SCC composed by {xi,x 3 }. Hence, 
the link £ 5>1 and £ 4;2 are two sensitive links. Similarly, Fig. 2-(b) depicts another minimal 
feasible solution JF = T U S° = {x 4 ,xf\, where T = {xf\, <S° = {x^}, and after the failure 
of the link £ li5 = {(xi,x 5 )} or £ 3j2 = {(a: 3 ,a; 2 )}, T = {x 4 ,x 5 } is a non-feasible solution for 
the corrupted state digraph V{A_( 1 ^f), or V(A_^ 2 )), since there does not exist a minimum 
PiCC decomposition ofV{A_^f) or £>(A_( 3j2 )), with the tips of the paths belonging to the SCC 
composed by {x 4 , a: 5 }. Hence, the link £ 15 and £ 3 2 are two sensitive links. □ 

Therefore, as seen in Example 3, the set of sensitive links is based on a particular 
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(a) 


(b) 


Fig. 2. A state digraph of a 5-state system, where the grey squares depict the state vertices labeling state 
variables forming a solution, and the rectangles depict the two SCCs forming the state digraph. In (a), 
T = {xi,ar 3 } is a minimal feasible solution, and £ 5a = {(£5,2:1)} and £ 4j2 = {(£4,2:2)} are two sensitive 
links. In (b), T = {x 4 , 2:5} is another minimal feasible solution, and £ 4>5 = {(£1,2:5)} and £ 3j2 = {(a: 3 ,2; 2 )} 
are two sensitive links. 


feasible solution, and there may exist several sensitive links. So, let the set of sensitive 
links associated with T be given by LiT) = U j =1 Ci jtrj , where p denotes the number of 
sensitive links. 

To solve V'i, we proceed similar to Section 4.1, given a feasible solution T we reduce 
the problem of constructing an /-robust feasible solution to a weighted set covering 
problem. We start by exploring the properties of sensitive links. 

Recall that a minimal feasible solution .F(S) contains two subsets of state variables 
T(S) and <S°(S), associated with a P&C decomposion of V(A) as prescribed in Theorem 2. 
In fact, due to a sensitive link £i r r :i failure, we have two mutually exclusive cases (as 
consequence of Lemma 2): 

(i) there does not exist a minimum P&C decomposition S' of V{A_u^) such that T 
contains the tips of the paths of S'. In particular, in this case, the sensitive link 
£/ jVrj necessarily belongs to a path in H. Further, the number of paths associated 
with any minimum P&C decomposition S' increases by at most 1 in comparison 
to S. 

(ii) there exists a minimum P&C decomposition S' of V{Ai it j\) such that J~ contains 
the tips of the paths of S', while the number of sink-SCCs without tips of the 
paths, associated with S increases by 1. 
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We depict in Fig. 3-(b) and Fig. 3-(c) cases presented in (i) and (ii), respectively. 



(a) 



(b) 



(c) 



Fig. 3. An example of state digraphs, where the grey squares enclose the state vertices corresponding to a 
solution. In (a), F = {xi} is a minimal feasible solution, where T = {xi}, S° = 0. In (b), under the failure of 
£2,1, the number of tips of the paths for any minimum P&C decomposition is increased by 1 with respect to 
T, and x 2 is a additional tip of path which is required to belong to the /-robust feasible solution; finally, (c) 
depicts the scenario where a failure £ 3 , 2 occurs, where {xi} still constitutes the tips of the paths for some 
minimum P&C decomposition, but the SCC containing the vertices x 3 and x 4 requires one of its variables 
to be considered to obtain an /-robust feasible solution. 

Based on the previous discussion, the set of sensitive links can be classified without 
loss of generality into two collections C\ and £■/■ C\ = U'_, C t .. Vj represents the set of r 
sensitive links corresponding to case (i), and C 2 = U ^ =r+l Ci j}rj represents the set of p — r 
sensitive links corresponding to case (ii). 

Subsequently, we introduce the notion of completions that correspond to a set of state 
variables J~' such that after the failure of any sensitive link r , J U J' still forms a 
feasible solution for V{A_^. J .-)). Let us start by introducing the completions for elements 
in C 2 : after the failure of sensitive link £/ r c C 2r x tj and x rj are separated into two 
different SCCs in V(A_^ j . rj ^). After such link failure, in V(A_^ jrj ^), the SCC that ay, 
belongs to becomes a sink-SCC without tip of paths. Hence, in order to obtain a feasible 
solution for D(A_^. rj )), an additional state variable in the sink-SCC, that .xy belongs to 
in V{A_{i j r .)), has to be considered. As a result, we can define the set of sink-completions 
If to a particular sensitive link £1 r r, C C 2 . 
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Definition 8 (Sink-completions). Consider a state digraph T>(A) = (X,S^) and a minimal 
feasible solution T = T U5°. Further, consider the sensitive links C(T) = U l j =1 £i j , rj = AU C 2 , 
where C 2 = Uf =r+ , C ti r . represents the set of sensitive links corresponding to case (ii). Then, for 
all r < i < p, 

rf = jV e X : x belongs to the same SCC as in X>(^4_( Jijri ))|, (13) 

is the set of sink-completions to sensitive link Ci un e C 2 . Further, for notational convenience, 
we denote the state variables in rf as rf = {yf ,, • • • , yf }, where ry denotes the total number 
of state variables in the sink-SCC ofT>(A_^ j ^ r .f) that ay. belongs to. □ 

Similarly, we can introduce the notion of completions for sensitive links in C\, 
corresponding to case (i), which we refer to as tip-completions. 

Definition 9 (Tip-completions). Consider a state digraph T>(A) = (X,£a) an d a minimal 
feasible solution T = ^(H) = T(5) U«S°(H). Further, consider the corresponding set of sensitive 
links C(F) = U p j=l Ci j , rj — C\ U C 2 , where C\ = U r j=l £i j , rj represents the set of sensitive links 
corresponding to case (i). Then, for all i < r, 

r J ={x e X : T(H) U {x} contains a set of tips of the paths 

associated with a minimum P&C decomposition of V(A_(i uri f)} (14) 

is the set of tip-completions to sensitive link Ci un e £ Further, for notational convenience, 
we denote the state variables in Ff as Fj = (yf), • • • , yffj, where p, is the number of tip- 
completions to Ci un . □ 

Now, notice that given a minimal feasible solution T, if we consider a sensitive link 
Ci un , by adding one corresponding completion y,, i.e., sink- or tip- completion, JhJ {y, } is 
a minimal feasible solution for the corrupted system A_p uri ) after the failure of sensitive 
link Ci. r .. 

Remark 1. If the failure of sensitive link Ci un of case (i) also increases the number of sink-SCCs 
that belong to the state digraph, then all elements of tip-completions Tf must belong to the new 
sink-SCC generated by the failure of Ci un . □ 
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In summary, we can generalize our previous discussion by considering collection of 
sets that account for the sink- and tip-completions for each sensitive link Ci un c ajF), 
which we refer to as back-ups and denoted by 0^. In particular, the sets in Of contain 
one state variable. Subsequently, we have the following definition. 

Definition 10 (Set of Back-ups). Consider a state digraph V(A) = (A, £ 4 ) and a minimal 
feasible solution T. Further, consider the set of p sensitive links C = U j =1 Ci j}rj — C\ U C 2 , 
where C\ = U r j =1 Ci jjTj represents the set of r sensitive links corresponding to case (i), and 
C -2 = U P j =r+1 Ci jirj represents the set of p — r sensitive links corresponding to case (ii). Then, the 
set of back-ups to £i t . rt , referred to as Of, is given by 

1 ) fori = l,...,r, 

(15) 

where p t is the total number of tip-completions of Ci un (see Definition 9); and 

2) for i — r + 1,..., p, 

= (16) 

where ni is the total number of sink-completions of £i uri (see Definition 8). □ 

In summary. Of is a collection of subsets of state variables each of which consists 
of one state variable, and (15)-(16) can be used to construct an /-robust feasible solution 
from a minimal feasible solution. More precisely, if we keep all state variables in minimal 
feasible solution J~ fixed, and for V^An.^.f), we add any element in Of to the solution 
T (recall that it is no longer a feasible solution), then we achieve a feasible solution for 
V(A_pi i)rj f). Consequently, if we have a set of state variables T', such that 0 c T' with 
6 G 0^-, Vi G {1, • • • , p}r then T U T' is a feasible solution for any V(A_^.^ r p), i.e., T l U T 
is an /-robust feasible solution. 

Therefore, our goal is to find a minimal T' with the above properties, i.e., there is 
no other T" with | T”\ < \IF'\ such that T U J~ n is an /-robust feasible solution. Similar 
to Section 4.1, a common back-up may exist for different elements in C. As a result, 
minimizing the size of T' is the same as maximizing the number of shared state variables 
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in back-up sets for different elements in the set of sensitive links CiT). Subsequently, we 
can find the minimal T' by considering an optimal set covering that covers the back-ups 
for any sensitive link in £{T). Note that in this section, the formulation of sets of back¬ 
ups is different from that of Section 4.1, where the elements of consist of a single state 
variable. Nevertheless, we can still use the similar notation as ( 8 ) to get a compressed 
expression of 0^. More specifically, for a system with n state variables, we denote Z as 
Z = {Z ir -- ,Z n }, where 

Zi = {a:*}, for i = 1 , • • • , n. 

Consequently, any element in 0^- consists of one element in Z, which implies that 
©V = {Zj}j € Q, with Q C {1,..., n). With this definition, the problem reduces to identify¬ 
ing for each element Z ir the subset of elements of CCF) for which Z, is a shared back-up. 
This can be achieved by considering the definition of the sets Vj that contain the indices 
of elements in C(ZF), or equivalently (-)f, that an element Z t is a back-up to. Formally, 
this can be defined as follows: let X = {1, • • • , p}, then 

Zj e 0>[, j = l (17) 

i.e., the indices of the sets 0y's to which the set Z :J belongs to. 

As we can see in (15)-(16), the sets Z,'s are singletons, which is different from 
Section 4.1. As a result, in order to determine a minimal /-robust feasible solution T l 
with T l D S, we can determine the minimum number of back-ups based on a particular 
feasible solution T that satisfies the robustness criterion. In other words, we cast V[ 
as a set covering problem instead of a weighted set covering problem (nonetheless the 
problem is still NP-hard), as given in the following result. 

Theorem 7. Consider a state digraph V(A) = (A, £ 4 ) and one of its minimal feasible solutions 
T = {x T1 ,x T2 , ■ ■ ■ ,x Tv }. Let the set of sensitive links associated with T be given by C(fF) = 
Cj _j jC/j rj , where p denotes the total number of sensitive links associated with T. Consider the 
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J* = arg min \J |, 

J'Cjl,-" ,«} 

( 18 ) 

subject to X c M Vj, 

j&J* 

i.e., the family {V l j}j e j* covers X, then 

7* = |J Zj U 7, 

jej* 

is an l-robust feasible solution. In addition, there is no other l-robust feasible solution 7', with 
7 c 7', such that \7'\ < \7*\. □ 


The discussion in Section 4.1 about the computation efforts readily extends to The¬ 
orem 7, that requires to solve an NP-hard problem - the set covering problem. Conse¬ 
quently, we propose the solution to be approximated with polynomial complexity, which 
can be formally stated as follows. 

Theorem 8. Consider a state digraph T>(A) = (7. Sfy, an arbitrary minimal feasible solution 
7, the sets (17), and the set covering problem as described in Theorem 7. Then, the corresponding 
weighted set covering can be constructed with complexity 0(\7\ 6 ). Further, a feasible but 
approximate solution J' of the corresponding minimum set covering may be constructed using 
an 0(|T’| 3 |) complexity algorithm such that 

F = (J Zj U 7, 
jej' 

is an l-robust feasible solution, and the performance ratio, i.e., the ratio between the size of 
the approximated l-robust feasible solution and the size of minimal l-robust feasible solution 

p 

containing 7 is bounded by the harmonic number H(p ) = | of p, where p is the total number 

k= 1 _ 

of sensitive links. □ 

Similar to the discussion in Section 4.1, we illustrate that the proposed two-step 
approach only ensures minimality of the /-robust feasible solution based on a particular 
minimal feasible solution. In other words, the minimality among all /-robust feasible 
solutions depends on the minimal feasible solution 7 that one starts with. Different 
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Fig. 4 . This figure depicts a state digraph V(A) of a 6-state system, where the grey squares depict the 
state vertices labeling the state variables forming a solution. In (a) and (b) we show that T = {xi,x 6 } and 
T' = {23,2:4} are two minimal feasible solutions of V{A), which lead to /-robust feasible solutions with 
different sizes based on our approach. 


minimal feasible solutions may lead to different sets of sensitive links, which results in 
different set covering problems, whose corresponding optimal solutions lead to /-robust 
feasible solutions with different sizes. Consider the example in Fig. 4, which depicts 
a 6-state system and two of its minimal feasible solutions with the dedicated outputs 
depicted by grey squares, respectively. Fig. 4-(a) depicts one minimal feasible solution 
T = {xi,x 6 }, with no sensitive link. Hence, according to Theorem 7, T = {xi,x 6 } is 
also a minimal /-robust feasible solution. However, Fig. 4-(b) depicts another minimal 
feasible solution T = {x 3 , x 4 } where {(x 1 ,x 2 )} and { (x (> , x-,)} are sensitive links. The 
sets of back-ups for the sensitive links are and { {a: 6 } }, respectively. Thereafter, 

T U {xi,x 6 } is not a minimal /-robust feasible solution. 

Although our solution does not guarantee a minimal /-robust feasible solution, illus¬ 
trative examples provided in Section 5 show that our set covering based design approach 
leads to /-robust feasible solutions with small number of states variables. 

Next, we discuss how to extend the results on obtaining /-robust feasible solutions 
when directed links were considered to the case where we have undirected link failures. 


June 10, 2016 


DRAFT 



28 


4.2.2 Undirected Link Failure 

Recall the two-step approach in Section 4.2.1 to compute an /-robust feasible solution 
when the links are directed. An undirected link consists of two directed links, so the 
procedure to find an /-robust feasible solution is similar to the directed one. More pre¬ 
cisely, an undirected link between Xj and x t is represented as C t J = { (a;,., x 3 ), (xj.x,)} c £4. 
The first step considers a minimal feasible solution used to determine the (undirected) 
sensitive links as described by Lemma 2. The set of undirected sensitive links still 
involves two cases: (i) the lack of the set of tips in a minimum P&C decomposition 
in T after an undirected link failure, and (ii) the generation of an additional sink-SCC 
without tips from the paths in the minimum P&C decomposition. Subsequently, we can 
enumerate completions for undirected sensitive links, and encode the enumeration of 
the completions as sets in a set covering problem as in Theorem 7. The sub-optimal 
solution with respect to undirected link failures can be obtained as part of the solution 
to the set covering problem, given by Theorem 8. 

4.3 Extension to multiple sensor/link failures 

As consequence of the results presented in Section 4.1 and Section 4.2, it follows that the 
problem of determining s-robust//-robust feasible solutions with the minimum number 
of observed variables ensuring structural observability with respect to an arbitrary 
number of sensor/link failures is also NP- hard. 

Further, we can extend the current results in Section 4.1 and Section 4.2 to address 
multiple sensor/link failures. Recall the two-step approach in Section 4.1 and Section 4.2, 
where the first step considers a minimal feasible solution, and in the second step, 
we find sets of back-ups for each state variable in the minimal feasible solution, or 
sets of completions for each sensitive link. Then, to obtain the minimum back-up and 
completion set we reduce the problem to a weighted set covering as we did in Section 4.1 
and Section 4.2, respectively. Notwithstanding, when multiple failures occur, we need 
to find sets of back-ups (resp. completions) for each combination of k state variables 
(resp. sensitive links). For instance, in the multiple sensor failure case, the universal set 
of the weighted set covering problem will be of size (?), which corresponds to the total 


June 10, 2016 


DRAFT 



29 


number of possible combinations of k state variables in the minimal feasible solution, 
and the sets of back-ups contains subsets of state variables of size k,k + 1, • • • , 2k. More 
precisely, for each combination of k state variables in the minimal feasible solution, at 
least we need k sensors as a back-up, and at most 2k sensors is necessary as a back-up. 

5 ILLUSTRATIVE EXAMPLE 

In this section, we illustrate how to obtain an s-robust feasible solution and an /-robust 
feasible solution for a 10-state system (randomly generated), whose state digraph is 
depicted in Fig. 5-(a). A minimal feasible solution is given by T = {.r 8 , x Ui }, whose 
corresponding state vertices are enclosed by the squares in Fig. 5-(b). 




Fig. 5. In (a) we depict the state digraph with 10 states. In (b) the four SCCs are depicted by the four dashed 
rectangles, and a minimal feasible solution is given by T = {ar s , £Cio}, whose corresponding state vertices 
are enclosed by the squares. 


5.1 Robustness with respect to sensor failure 

The back-ups sets (see (6)-(7)) are given by Q.? = {ST^, Vtjk), where Q}r = {{^i}}; and 
f Ijr = {{x i}, (u' 4 }}. By invoking Theorem 4, we observe that there exist two tips of the 
paths, hence 1 = {1,2}, and the covering sets (see (9)-(10)) are given by Vf = {1,2}, 
VJ = {1}, whereas the rest of the covering sets are empty, since all elements of Vt'-p 
consists of only one state variable. Subsequently, we can simply neglect those Vfs with 
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n < j < N, where n = 10 is the total number of state variables, and N = n+ (") = " ( " 2 ' 1-1 
is the total number of sets that consist of one or two state variables. 

As a result, we constructed a set covering problem as proposed in Theorem 4, with 
the universal set X, and the covering sets V/, i <6 {!,••• , 10}. In this example, we can 
readily identify that V} is an optimal solution to the set covering problem in Theorem 4, 
which implies that T* = FU{xi} = {x\ , x&, x w } is an s-robust feasible solution. However, 
for larger systems, we may need to consider sub-optimal solutions as discussed in 
Theorem 5. 

5.2 Robustness with respect to link failure 

First, we identify the set of directed sensitive links associated with the choice of T. This 
consists of 5 elements, given by Ci\l^ £~j, £l^ 0 , and £l j. 

For those sensitive links, the collection of back-ups sets (see (15)-(16)) is given by 
Qjr = {©j-, • • • , 0 j-}/ where ©}r = {{h}}/ ©X = {{^s}}/ ©j- — {l 2 ^}}/ ©j- — 

{{x&,x 7 }}, and = {{ 2 : 3 }}. 

Because there exist five sensitive links, we have X = (1, • • • , 5}, and the covering sets 
(see (17)) are given by V[ = {1}, V 3 = { 6 }, V 5 = { 2 }, Vg = {3,4}, = {4}, and the 

other sets are empty. As a result, we constructed a set covering problem as proposed in 
Theorem 7, with the universal set X, and the covering sets V\, for i e {1, • • • , 10}. Further, 
we can readily identify that either {V|}i e {i, 3 j 5 , 6 } is an optimal solution to the set covering 
problem in Theorem 7. Thus, T* = FU{x{\ = {xi,x 3 , x 5 , x 6 , x&, £ 10 } is an /-robust feasible 
solution. However, for larger systems, we may need to consider sub-optimal solutions 
as discussed in Theorem 8 . 

5.3 Discussion of Results 

To evaluate the trade-off between the running time of the proposed algorithm and the 
network topology, we consider state digraphs that were randomly generated using three 
models commonly found in the literature [32]: Erdos-Renyi [33], small world and scale 
free models. 
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In our simulation, we consider two properties of random networks: the scale of the 
network and the connectivity of the network. Simulation results show that in Erdos- 
Renyi model, usually we do not have any s-robust feasible solution when the connec¬ 
tivity of the network is small, in which case the graph contains several source SCCs 
with only one state vertex, which implies that the corresponding state variable has to 
be measured directly Alternatively, when state digraphs are modeled as small world 
networks, due to the likelihood of existing a cycle which connects all state vertices, all 
minimal feasible solution consist of one sensor, and we need at most two sensors to 
ensure s-robustness or /-robustness. As a result, we now devil in details when the state 
digraphs have a scale-free network topology. 

In the scale-free network implemented as in [34], there are two parameters: n 
denotes the number of nodes in graph, and d denotes the minimum node degree, which 
determines the connectivity of the network. In addition, we randomly switched 10% of 
undirected links to directed links. For the simulation experiments, we used a Macbook 
Pro running Ubuntu Linux with a 2.7 GFIz Intel Core i5 processor. In order to compute 
a minimum P&C decomposition, toolbox TOMLAB/CPLEX [35] was considered. After 
we construct the set covering problems as in Theorem 4 and Theorem 7, we use greedy 
algorithm [29] to find a sub-optimal solution to the set covering problems. The Matlab 
implementation of the proposed algorithm can be found in [36]. 

In Figure 6 , we show the simulation results when we consider different values of 
d with n = 300, and record the runtime and the cardinalities of solutions based on 
proposed algorithms. In Figure 7, we show the simulation results when we consider 
different values of n with d — 1 , and record the runtime and the cardinalities of solutions 
based on proposed algorithms. Furthermore, we fitted the curves in Figure 7-(a) with 
functions of the form f(n) = a * n b . For s-robust, the values of a, 6 with b £ N that lead 
to the minimal square of the correlation are a = 2.235 x 10 -7 and 6 = 4. For /-robust, 
the values of a, b with b e N that lead to the minimal square of the correlation are 
a = 2.673 x 1CT 7 and 6 = 4. 

In addition. Table I lists the simulation results, where we consider different values 
of n with d = 1, and record the number of minimum P&C decomposition required for 
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(a) Runtime to compute s //-robust feasible 
solutions 



(b) Cardinality of minimal and s/Z-robust 
feasible solutions 


Fig. 6. This figure depicts the relationship between the minimum node degree and the runtime/cardinalities 
of solutions for scale-free networks with different values of d and n = 300. In (a), the relationship between 
the minimum node degree and the runtime is considered. In (b), the relationship between the minimum 
node degree and the cardinalities of solutions is depicted. 



Scale of the Network 



(a) Runtime to compute s //-robust feasible (b) Cardinality of minimal and s //-robust 


solutions 


feasible solutions 


Fig. 7. This figure depicts the relationship between the minimum node degree and the runtime/cardinalities 
of solutions for scale-free networks with different values of n and d = 1. In (a), the relationship between the 
scale of the network and the runtime is considered. In (b), the relationship between the scale of the network 
and the cardinalities of solutions is depicted. 
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each experiment. In Table I, D s represents the number of P&C decomposition required to 
construct the set covering problem in Theorem 4, D' s represents the number of P&C de¬ 
composition required to construct the set covering problem based on pure enumeration 
for .^'-robustness, /& represents the number of P&C decomposition required to construct 
the set covering problem in Theorem 7, D[ represents the number of P&C decompo¬ 
sition required to construct the set covering problem based on pure enumeration for 
/-robustness. Thus, from Table I it readily follows that the proposed approach enables a 
systematic and efficient method to determine s //-robust feasible solutions. In addition, 
from Table I and Figure 7 we can see that the network with n = 50 already lead to a 
set covering problem with the universal set of size 19, and 558 covering sets. To find the 
optimal solution, in the worst case, combination of covering sets need to be computed 
is ( 5 ‘^) + ( 5 f) + ... + ( 5 |'y 8 ), which is cumbersome to compute. Hence, approximation 
algorithms like greedy algorithm are required to find an s/l robust solution. Finally, 
although we present simulations only for models randomly generated, the proposed 
approach is general and applicable to those systems not modeled by the mentioned 
models. 


n 

50 

100 

200 

300 

D s 

558 

2378 

9300 

20628 

D' s 

2.15 x 10 9 

2.88 x 10 17 

2.13 x 10 37 

3.14 x 10 57 

A 

651 

2320 

10416 

26740 

D\ 

2.15 x 10 9 

2.88 x 10 17 

2.13 x 10 37 

3.14 x 10 57 


TABLE 1 


6 CONCLUSIONS AND FURTHER RESEARCH 

In this paper, we addressed the problem of deploying the minimum number of dedi¬ 
cated sensors that ensure a network of interconnected linear dynamical systems to be 
structurally observable under disruptive scenarios. The disruptive scenarios considered 
are: (i) the malfunction/loss of one arbitrary sensor, and (ii) the failure of connection 
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(either directed or undirected) between a pair of dynamical devices in an interconnected 
dynamical system. Due to the combinatorial nature of the problem, we proposed a two 
step approach. First, we achieve an arbitrary minimum sensor placement configuration 
ensuring structural observability. Secondly, we develop a sequential process to find the 
minimum number of additional sensors required for robust observability with respect to 
arbitrary sensor/link failure. This step can be solved by recasting it as a (weighted) set 
covering problem, for which sub-optimal solutions can be determined in polynomial¬ 
time and with optimality guarantees. 

Future research consists of finding efficient approaches to determine sensor deploy¬ 
ment to cope with disruptive scenarios where multiple failures can occur at the same 
time. 

7 Appendix 

Proof of Theorem 3: 

To prove that V' s is NP-hard, we need to provide a reduction from an NP-hard 
problem to V s . Intuitively, it would mean that if a solution to general instances of V' s can 
be efficiently obtained, we would also obtain an efficient (polynomial) solution to any 
instance of the NP-hard problem. Therefore, consider the set covering problem with uni¬ 
versal set U = {1, • • • ,p} and a finite collection of k sets Ci<zU with i e J — {1, • • • ,k}. 
In addition, consider the reduction proposed in Fig. 8, where an instance of the set 
covering problem with input (C \,..., C k ; U) is written as an instance to V' s , with input of 
the (p + k + 4) x (p + k + 4) matrix A(Ci ,..., C k ; U), whose state digraph V(A) is depicted 
in Figure 8, given as follows: (1) A p+j ^ — 1 if i e Cp (2) A p+pp+:j = 1 for j = 1,..., k; 
(3) Ap+ k +2,p+j 1 for j = 1,..., fc; (4) Ap-\-k+2,p+k+l d.p_|_fc_|_i j p _|_/ s _|_2 Ap_ )_/ c _(_3 i p_(_/ c _|_2 

Ap+k+ 2 ,p+k +3 d.p_|_/ c _|_ 2 ,p+fc +4 1 / cmd zero otherwise. 

Notice that T s is an s-robust feasible solution only if it contains two state vari¬ 
ables from the sink-SCC, i.e., two state variables out of {x p+k+ i, x p+k+2 , x p+k+3 }, recall 
Theorem 1. In addition, 3F S \ {x}, with x G T s , has to contain the tips of the paths 
T(H) associated with some minimum P&C decomposition S. Due to the sparse na¬ 
ture of A(Ci,... ,C k ]lT), it follows that the tips of the paths associated with a mini- 
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(3) 

X 

X p+k+ 1 

X p+k+4 

( 2 ) 

jw 

Fig. 8. This figure depicts the state digraph V(A(C 1 ,... ,C k \U)) with one sink-SCC with its vertices enclosed 
in the dashed box. Briefly, Xi (i = l,...,p) are associated with the elements in the universal set, and 
x p+ j (j = 1,..., k) with the sets in the set covering problem. In other words, there is an edges from x t 
(i = 1,... ,p) to x p+ j (j = 1,... ,k) if an element i belongs to set C 3 . 



mum P&C decomposition can be characterized in closed-form. More precisely, let T 1 = 
{xi,... ,x p ,x p+k+1 ,x p+k+4 } and T 2 = {x 1 ,... ,x p ,x p+k+3 ,x p+k+i } be two sets of tips of 
the paths and 7 Z,- L = {x :) : x { reaches ay} be the set of state variables reachable from ay 
(including itself). Then any set of tips of the paths is given by '7 -1 \{ar i }U{r-}, where ay E T 1 
and r G TZi\(T v U {x p+k+2 }) or T 2 \{ay}U{r} , where x t e T 2 and r E Tli\(T 2 U {x p+k+2 }). 
Consequently, a minimum s-robust feasible solution has to contain x p+k +i arid x p+k +3 to 
ensure that two state variables from the sink-SCC are chosen, and such that they can 
account for one state variable in any set of tips of the paths; in other words, if the choice 
included x p+k+2/ then an additional state variable would be required to be included 
in an s-robust feasible solution. Further, from the description of the sets of tips of the 
paths, it follows that J 76 has to contain the minimum collection of state variables in 
TZi \ (T U {x p+k + 2 }) for all l E {1,... ,p}. In addition, from the interpretation in terms of 
the set covering problem presented in Fig. 8, it follows that a solution to our problem 
would allow us to retrieve a solution to the set covering problem (Ci,..., C k ; U), and the 
result follows. o 

Proof of Lemma 1: It suffices to verify that T * \ {a:} is a feasible solution for all x E J 7 *. 
To this end, we consider the following two cases: (i) if x E J 7 * \J r , then T C ( J 7 * \ {x}), 
and because J 7 is a feasible solution, J 7 * \ {a;} is also a feasible solution; (ii) if x E J 7 , say 
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x = x Ti , it follows that [J^j %>j C (J 7 * \ {a:-}). Further, by definition of set covering and 
Vj's in (9)-(10), there exists j* e J, such that i e VI, and e Q)r. In other words, there 
exists a set of state variable(s) Zj* c (T 7 * \ {a;}), such that {J 7 \ {a:- r ,}} U Zj* is a feasible 
solution (by definition of ilf in (6)-(7)). Hence, T * \ {a:} is a feasible solution. ■ 

Proof of Theorem 4: To prove optimality, we proceed as follows: (i) we show that IF* 

is an s-robust feasible solution; and (ii) we show that there is no other s-robust feasible 

solution T', with J 7 C J 7 ', such that | J- 7 ! < | J 7 * |. Condition (i) holds by Lemma 1. To prove 

(ii), we assume by contradiction that there exists an s-robust feasible solution J 7 ', with 

T C F', such that \F'\ < Id 7 *). By definition of the sets VJ and the associated cost c 3 in 

(9)-(ll), there exists a set J' C {1, • • • , N} associated with J 7 ' \ J 7 such that X c (J j&J , Vf 

and c k < c k- This contradicts the fact that J* = arg min ff, c k . As a result, 
kej' k&j* Jc{i,-,N}keJ 

(J Zj is the minimal set of back-ups for J 7 , and the result follows. ■ 

Proof of Theorem 5: A (minimal) feasible solution T can be efficiently determined using 
a polynomial complexity algorithm [ 6 ], with a time complexity of 0{\Xf). Similarly, 
computing each set of Vtf for i — 1 , • • • , m has a time complexity of 0(\X\ 4 ). As a result, 
the complexity of computing Vtf for all i = 1 , • • • , rn is 0(\X\ 5 ). Also, each set of Vtf 
for i = m + 1, • • • ,p can be determined with a time complexity of 0 {\ X \). Hence, the 
complexity of determining Qf for all i — m + 1, • • • , p is 0{\ Xf). Remark that V? can be 
efficiently implemented in at most 0(\X\ A ) since it consists of verifying if each of the \Z\ 
sets in total j belongs to at most \X\ sets of Xfs. Thus, we can construct the 

corresponding weighted set covering with complexity 0{\X\ 5 ). Further, for the weighted 
set covering problem we constructed, the size of the universal set is bounded by \X\, and 
the number of cover sets is bounded by \Xj 2 , which leads to our conclusion about the 
overall computational complexity. 

By considering the greedy heuristic algorithm for the weighted set covering problem 
[37], we obtain a performance ratio of H(d), where d is the size of the largest cover set. 
Thus, the solution obtained with the proposed method achieves a performance ratio 
of II ip) where p is the size of the universal set. In addition, we use the fact that the 
algorithm in [37] has computation complexity bounded by 0(p x N ), where N represents 
the number of cover sets. Finally, we notice that feasibility holds due to Lemma 1. ■ 
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Proof of Theorem 6: 

We provide a similar reduction to that in Theorem 3, where an instance of the set 
covering problem with input (Ci ,..., C k ; U) is written as an instance to V[, with input of 
the (p + 2 /c + 4) x (p + 2k + 4) matrix A(Ci,..., C k ]U), whose state digraph V(A) is depicted 
in Figure 9, given as follows: (1) A iti = 1 for i = 1,p (2) A p+j:i = 1, and A p+k+j)i = 1 
if i f Pjr (3) A P - j.p ) j 1 and -3^. k . pp . k . j 1 for j (4) A p —2 />■+ 2 . p+/ 1 and 

Ap-\-2k+2,p+k+j 1 for j I; • • • j k, (5) -4p+2fc+l,p+2fc+3 Ap+2k+l,p-\-2k+4 A p j r 2k+2,p+2k+Z 

A p+2 k+ 2 ,p+ 2 k +4 = 1; and zero otherwise. 

Now, notice that J~ l is an /-robust feasible solution only if it contains state variables 
T = {x p+ 2 k+i, x p+ 2 k+ 2 } that is the tips of the paths associated with any minimum P&C 
decomposition of the state digraph. Further, T consists of a state variable from each 
sink-SCC. As a result, T is the only minimal feasible solution of A(Ci,... ,C k ] U). In 
addition, only links {(xi,Xi) : 1 G U} are sensitive links with respect to T; in particular, 
T' = T U {xi} is the tips of the paths associated with a minimum P&C decomposi¬ 
tion associated with the corrupted state digraph V{A_^^). Due to the sparse nature 
of A(Ci,... ,Ck,U), we can characterize all possible sets of tips of the paths associated 
with a minimum P&C decomposition of the corrupted state digraph. More precisely, 
let 7 Zi = {xj : exists a direct path from x r to x :) } be the set of state variables whose 
corresponding vertices are reachable from x t (including itself) in 'D(A(C \,..., C f ,: U)), then 
any set of tips of the paths associated with the corrupted state digraph after the failure 
of sensitive link {(x*,^)} is given by {x p+2 k+i, x p+2 k+ 2 } U {r}, where r G U t \ {x p+2 k+ 2 }- 
Consequently, from the description of the sets of tips of the paths, it follows that T l has 
to contain the minimum collection of state variables in 12 t for all i e {1 ,..., p}, where 
due to symmetry choosing x p+i or x p+k+l leads to the same results. In addition, from 
the interpretation in terms of the set covering problem presented in Fig. 9, it follows 
that a solution to our problem would allow us to retrieve a solution to the set covering 
problem (C 1; ..., C k \U), and the result follows. ■ 

Proof of Theorem 7: Similar to Theorem 4, by considering the sensitive links and the 
sets (15)-(16) for the minimum set covering problem. ■ 

Proof of Theorem 8: Similar to Theorem 5, by considering the sensitive links and the 
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Fig. 9. This figure depicts the state digraph V(A(C 1 ,.. .,C k -,U)) with two sink-SCCs with its vertices enclosed 
in the two dashed boxes. Briefly, Xi (i = 1,... ,p) are associated with the elements in the universal set, and 
x p+ j,x p+ k+j (j = l,..., k) with the sets in the set covering problem. In other words, there are edges from 
x, (i = l,...,p) to x p+:j and x p+k +j (j = 1,..., k) if an element i belongs to set C :r 


sets (15)-(16) for the minimum set covering problem. ■ 
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